# @socketsecurity/cli

CLI tool for Socket.dev
## Usage

```sh
npm install -g socket
socket --help
```

## Commands

- `socket npm [args...]` and `socket npx [args...]` - Wraps `npm` and `npx` to integrate Socket.dev and preempt installation of alerted packages, using the builtin resolution of `npm` to precisely determine which packages would be installed.
- `socket optimize` - Optimize dependencies with `@socketregistry` overrides (👀 our blog post)
  - `--pin` - Pin overrides to their latest version
  - `--prod` - Add overrides for only production dependencies

## Aliased commands

- `socket cdxgen [command]` - Call out to `cdxgen`. See their documentation for commands.
- `socket ci` - Alias for `socket scan create --report`, which creates a report for the current directory and quits with a non-zero exit code if the result is unhealthy.

All aliases support the flags and arguments of the commands they alias.

## Flags

### Output flags

- `--json` - Outputs the result as JSON, which can be piped into `jq` and other tools
- `--markdown` - Outputs the result as Markdown, which can be copied into issues, pull requests, or chats

### Other flags

- `--dry-run` - Run a command without uploading anything
- `--debug` - Output additional debug information
- `--help` - Prints help documentation for a command
- `--max-old-space-size` - Set Node's V8 `--max-old-space-size` option
- `--max-semi-space-size` - Set Node's V8 `--max-semi-space-size` option
- `--version` - Prints the Socket CLI version

## Configuration files

The CLI reads and uses data from a `socket.yml` file in the folder you run it in. It supports version 2 of the `socket.yml` file format and uses `projectIgnorePaths` to exclude files when creating a report.
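A minimal `socket.yml` for the section above, added here as an illustration rather than copied from the Socket CLI README. The `projectIgnorePaths` key and the version 2 format are from the description above; the `version: 2` spelling and the glob entries are assumptions, and the paths are constructed for the example:

```yaml
# Constructed example socket.yml (not from the project README).
# `version: 2` is assumed to be the v2 format marker; projectIgnorePaths
# lists files the CLI leaves out when it builds the report.
version: 2
projectIgnorePaths:
  - "fixtures/**"
  - "test/**/*.snap"
```

Keep ignore patterns narrow: anything matched here is absent from the report, so excluding a directory that contains a lockfile or a `package.json` silently removes those dependencies from the scan.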
## Environment variables

| Variable | Description |
|---|---|
| `SOCKET_CLI_API_TOKEN` | Set the Socket API token |
| `SOCKET_CLI_CONFIG` | A JSON stringified Socket configuration object |
| `SOCKET_CLI_GIT_USER_EMAIL` | The git config `user.email` used by Socket CLI. Default: `github-actions[bot]@users.noreply.github.com` |
| `SOCKET_CLI_GIT_USER_NAME` | The git config `user.name` used by Socket CLI. Default: `github-actions[bot]` |
| `SOCKET_CLI_GITHUB_TOKEN` | A classic or fine-grained GitHub personal access token with the "repo" scope or read/write permissions set for "Contents" and "Pull Request". Alias: `GITHUB_TOKEN` |
| `SOCKET_CLI_NO_API_TOKEN` | Make the default API token undefined |
| `SOCKET_CLI_NPM_PATH` | The absolute location of the npm directory |
| `SOCKET_CLI_ORG_SLUG` | Specify the Socket organization slug |
| `SOCKET_CLI_ACCEPT_RISKS` | Accept the risks of a Socket wrapped npm/npx run |
| `SOCKET_CLI_VIEW_ALL_RISKS` | View all risks of a Socket wrapped npm/npx run |

## Contributing

To run dev locally you can run these steps:

```sh
npm install
npm run build
npm exec socket
```

### Environment variables for development

| Variable | Description |
|---|---|
| `SOCKET_CLI_API_BASE_URL` | Change the base URL for all API calls. Default: `https://api.socket.dev/v0/` |
| `SOCKET_CLI_API_PROXY` | Set the proxy all requests are routed through, e.g. if set to `http://127.0.0.1:9090`, then all requests are passed through that proxy. Aliases: `HTTPS_PROXY`, `https_proxy`, `HTTP_PROXY`, and `http_proxy` |
| `SOCKET_CLI_DEBUG` | Enable debug logging in Socket CLI |
| `DEBUG` | Enable debug logging based on the `debug` package |

## See also

- `@socketsecurity/sdk` - The SDK used by Socket CLI
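The following is an added example of wiring `socket ci`, the output flags and the environment variables above into a CI gate. It is not part of the Socket CLI project. It assumes the `socket` binary is on `PATH` in the CI image and that `SOCKET_CLI_API_TOKEN` (or `SOCKET_CLI_CONFIG`) is injected as a secret; the proxy lookup order `SOCKET_CLI_API_PROXY`, then `HTTPS_PROXY`, `https_proxy`, `HTTP_PROXY`, `http_proxy` is this script's own choice, since the README only lists the last four as aliases. Only flags documented above (`--json`, `--markdown`, `--dry-run`) are used; the JSON output is saved, not parsed, because its schema is not described on this page.

```sh
#!/bin/sh
# Added example: a CI gate around `socket ci`. Not part of the Socket CLI
# project. Assumes `socket` is on PATH and a token is supplied via
# SOCKET_CLI_API_TOKEN or SOCKET_CLI_CONFIG. The proxy precedence below is
# an assumption of this script, not documented CLI behaviour.

# Print the proxy the run will use, or return 1 if none is configured.
socket_effective_proxy() {
  for v in SOCKET_CLI_API_PROXY HTTPS_PROXY https_proxy HTTP_PROXY http_proxy; do
    eval "val=\${$v:-}"
    if [ -n "$val" ]; then
      printf '%s\n' "$val"
      return 0
    fi
  done
  return 1
}

# Return 0 only when credentials are available. `socket ci` uploads a scan,
# so without a token the job would fail after collecting all project files.
socket_env_ok() {
  if [ -n "${SOCKET_CLI_API_TOKEN:-}" ] || [ -n "${SOCKET_CLI_CONFIG:-}" ]; then
    return 0
  fi
  echo "socket_gate: set SOCKET_CLI_API_TOKEN (or SOCKET_CLI_CONFIG) as a job secret" >&2
  return 1
}

# Build the argument list. `socket ci` aliases `socket scan create --report`
# and takes the --json / --markdown output flags and --dry-run.
# $1: output format (json|markdown); $2: 1 for a dry run (nothing uploaded).
socket_ci_args() {
  fmt=${1:-json}
  dry=${2:-0}
  set -- ci
  case "$fmt" in
    json)     set -- "$@" --json ;;
    markdown) set -- "$@" --markdown ;;
    *) echo "socket_gate: unknown output format '$fmt'" >&2; return 2 ;;
  esac
  if [ "$dry" = 1 ]; then
    set -- "$@" --dry-run
  fi
  printf '%s\n' "$*"
}

# Run the gate. `socket ci` exits non-zero when the report is unhealthy; the
# status is returned unchanged so the CI step fails on findings and on CLI
# errors alike. The report is written to a file for upload as a job artifact.
socket_gate() {
  fmt=${1:-json}
  out=${2:-socket-report.$fmt}
  socket_env_ok || return 1
  if proxy=$(socket_effective_proxy); then
    echo "socket_gate: routing Socket API calls through $proxy" >&2
  fi
  args=$(socket_ci_args "$fmt" "${DRY_RUN:-0}") || return $?
  # No `| tee` here: in POSIX sh a pipeline reports the last command's
  # status and would hide the unhealthy-report exit code. Redirect instead,
  # then echo the file into the log. $args holds space-free flags, so the
  # word splitting on the next line is intended.
  # shellcheck disable=SC2086
  socket $args > "$out"
  status=$?
  cat "$out"
  return $status
}
```

In a job step, source the file and run `DRY_RUN=1 socket_gate markdown` once to confirm the token and proxy wiring without uploading anything, then `socket_gate json` as the real gate. Do not export `SOCKET_CLI_ACCEPT_RISKS` in the same job: it exists to let a wrapped `socket npm` or `socket npx` run proceed past alerts, which is the opposite of what a gate is for.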